CVE-2011-3138

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Federated Identity Manager
Vendor: CVE Published:; 12 August 2011

Summary

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV01318

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/69198

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg24029498

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 12, 2011
Vulnerability Reserved
Aug 12, 2011